IT SECURITY

Organizations are becoming increasingly dependent on information technology infrastructure, to the point where day-to-day operations would come to a screeching halt without these systems. This is particularly true for corporations, where the ability to communicate and access information is critical. It is therefore essential to secure information to ensure its Confidentiality, Integrity, and Availability. Today there are many products that address specific security risks. However, without a well-designed security policy, a security organization, and appropriate training, no organization can be secure against increasingly sophisticated adversaries. There are no silver bullets in IT Security, only best practices. New attack vectors develop constantly and become more sophisticated every day. The Internet has enabled criminals to launch attacks against organizations and steal critical data from thousands of miles away with practically no risk of prosecution. Organized criminals work meticulously to steal your critical data, either for blackmail or for sale on the black market.

IT Security Services

We provide outsourced IT Security Services to organizations of all sizes. Our approach combines detection, monitoring, training and incident response services into a single offering, which provides effective countermeasures against cyber threats at every level, whether internal or external. This service is typically offered after a security assessment, to ensure that the network is secured and that security is maintained afterwards. Published statistics put the average time to detect an intrusion at approximately one year, and many intrusions are never detected at all. Clearly, such a service cannot be one-size-fits-all. Depending on the needs of the organization and the threat levels it faces, we design an appropriate level of service to mitigate internal and external threats.

A typical engagement involves placing two servers in the client's data center, along with an Ethernet tap at the organization's Internet gateway.

Server One (Incident Response & Vulnerability Scanner) - This fully-equipped server responds to suspicious incidents and detects network anomalies. With it, we can forensically image computers, run scans, and find vulnerabilities on every computer on the network. It also simplifies the process of conducting incident response assessments.

This server is typically equipped with:

Vulnerability Scanning Software: used to scan all client servers and workstations to verify that they are fully patched and not exposed to known exploits.

Intrusion Detection Software: host-based intrusion detection that alerts us to changes in the system state of the servers and workstations on the network (for example, new or modified system files, services and accounts).

Enterprise-Class Forensic Software: this software is capable of forensically examining and imaging any workstation or server on the client network.

Enterprise-Class Incident Response Software: responds to suspected incidents and examines servers and workstations remotely over the network. With it, an investigator can quickly enumerate the open ports, running services and established connections of a target computer. It also captures and analyzes the contents of RAM to determine whether the machine was the subject of a successful cyber attack.

Enterprise-Class Workstation Monitoring Software: in cases of suspected employee misconduct, this software can covertly deploy a monitoring agent to the suspect computer over the network, and can be configured to capture and record any and all activity on that workstation. Covert monitoring of this kind should be deployed only with proper authorization from the organization and consistent with its Acceptable Use policy.

A full set of computer forensics and incident response tools.
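To make the intrusion detection item above concrete, here is an added illustration (not Cyber Diligence's software, and not code from this page) of how a host-based change detector works: record a baseline of hash, size and permission bits for every file under a tree, take a later snapshot, and report what was added, removed or modified. The directory contents, file names and the "intrusion" are all constructed for the example; the function names `snapshot`, `diff` and `demo` are assumptions of this illustration.

```python
"""File-integrity baseline and change detection.

Added example of the kind of host-based intrusion detection check described
above (alerting on changes to system state). Constructed example; not
Cyber Diligence's tooling.
"""
from __future__ import annotations

import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def _file_record(path: Path) -> dict:
    """Hash, size and permission bits of one regular file."""
    st = path.lstat()
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    # Mode is recorded because a setuid bit appearing on an unchanged binary
    # is a change in system state even though its content hash is identical.
    return {"sha256": h.hexdigest(), "size": st.st_size, "mode": stat.S_IMODE(st.st_mode)}


def snapshot(root: str | os.PathLike) -> dict[str, dict]:
    """Walk `root` and record every regular file (and symlink target) under it.

    Symlinks are recorded by their target and not followed, so a planted link
    pointing outside the tree shows up as a change instead of silently hashing
    whatever it points at.
    """
    root = Path(root)
    records: dict[str, dict] = {}
    for dirpath, _dirnames, filenames in os.walk(root):  # followlinks=False by default
        for name in filenames:
            p = Path(dirpath) / name
            rel = str(p.relative_to(root))
            if p.is_symlink():
                records[rel] = {"symlink": os.readlink(p)}
            elif p.is_file():
                records[rel] = _file_record(p)
    return records


def diff(baseline: dict[str, dict], current: dict[str, dict]) -> dict[str, list[str]]:
    """Compare two snapshots and list added, removed and modified paths."""
    base_keys, cur_keys = set(baseline), set(current)
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": sorted(k for k in base_keys & cur_keys if baseline[k] != current[k]),
    }


def demo() -> dict[str, list[str]]:
    """Build a small constructed tree, baseline it, tamper with it, return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/sh\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "login").write_bytes(b"\x7fELF original login binary")
        (root / "bin" / "login").chmod(0o755)
        (root / "bin" / "sh").write_bytes(b"\x7fELF shell")
        (root / "bin" / "sh").chmod(0o755)
        baseline = snapshot(root)

        # Simulated (constructed) intrusion: trojaned binary, setuid bit added,
        # backdoor account appended, dropped tool, and a removed file.
        (root / "bin" / "login").write_bytes(b"\x7fELF trojaned login binary")
        (root / "bin" / "sh").chmod(0o4755)
        with (root / "etc" / "passwd").open("a") as fh:
            fh.write("backdoor:x:0:0::/:/bin/sh\n")
        (root / "tmp").mkdir()
        (root / "tmp" / ".x").write_bytes(b"rootkit loader")
        (root / "etc" / "hosts").unlink()

        return diff(baseline, snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a real deployment the baseline would be stored off-host (an attacker who can modify the files can modify a local manifest too), and the comparison would run on a schedule with the result feeding an alert, which is the kind of daily check the service description below refers to.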

Server Two (Network Forensics) - This server is a custom, proprietary Cyber Diligence appliance. It collects all Internet traffic, reconstructs the captured packets into native-format documents, and stores them with full content in a database. It functions as a video recorder for network traffic: all Internet traffic is retained so that analysts can examine it to detect anomalies or investigate past suspected events.

Once the two servers are installed in the client's data center, Cyber Diligence investigators log in daily to check the network for unusual events and system changes, scan computers for newly discovered vulnerabilities, and so on.

IT Security Assessments

Our methodology for IT Security Assessments combines industry best practices with the experience the assessment team has gained conducting numerous IT Security related investigations, and the lessons learned from those events. In addition, having managed and secured large-scale IT infrastructures themselves, members of our assessment team understand the difficulties and challenges faced by IT staff and can tell the difference between what is on paper and what is reality. Our recommendations reflect this philosophy of practical solutions. Because our objective is a true assessment of the organization's security posture, as opposed to satisfying particular regulatory requirements, we go beyond what was put on paper and look at real-life practices with a good dose of common sense.

Cyber Diligence, Inc. offers three levels of IT Security Assessments:

BASIC (30 Thousand Foot View)

Make a basic assessment of the organization’s IT Security Posture.

Perform a basic risk assessment.

Check that proper Policies and Procedures are in place (such as Disaster Recovery & Business Continuity, Acceptable Use, etc.).

Interview members of the IT Staff.

Examine Network Diagrams to ensure the network is configured properly.

Generally, one day per physical location on site.

MID LEVEL ASSESSMENT (10 Thousand Foot View)

Make a detailed assessment of the organization’s IT Security Posture.

Examine Network Diagrams to ensure the network is configured properly and proper safeguards are in place.

Detailed examination of all Policies and Procedures.

Understand the organization's business processes.

Identify and interview the business process owners to understand the technologies that drive those processes.

Identify the organization's “Crown Jewels” and perform a risk assessment of internal and external threats against the Confidentiality, Integrity, and Availability of those resources.

Perform vulnerability scans on a select number of servers.

Examine select workstations for abnormal activity.

Identify exploitable weaknesses and single points of failure.

COMPREHENSIVE ASSESSMENT

In addition to all steps taken during a Mid-Level Assessment:

Collect all Internet traffic for two days at each physical location and perform a risk analysis based upon usage patterns.

Scan all servers and select workstations for malware such as trojans, keyloggers, rootkits, hacker tools, etc.

Perform physical security survey of all data centers.

Work with in-house IT staff to remediate the weaknesses found.

Perform penetration testing after all recommended measures have been implemented.

The above is a general description of the three levels of assessment we provide. Often it is possible to create a custom level of assessment based upon the organization's needs and expectations.